Enterprise Security: The Manager's Defense Guide

Sorry, this book is no longer in print.

Description

  • Copyright 2003
  • Dimensions: 7-3/8" x 9-1/4"
  • Pages: 288
  • Edition: 1st
  • Book
  • ISBN-10: 0-201-71972-X
  • ISBN-13: 978-0-201-71972-7

First came Melissa. Then the I Love You virus. Then Code Red and Nimda. The cumulative effects of these successfully orchestrated attacks are taking their toll on the Internet economy. At a minimum, users are frustrated and their confidence is shaken. On the other end of the scale, these attacks can be devastating from a financial standpoint. It is easy to see that providing enterprise security is a critical and potentially overwhelming task, but managers have no excuse for not being prepared. The technologies of the Internet remain a significant drawing card to the business community. So what is the IT manager to do? The challenge is in devising an enterprise security strategy that will defend against all forms of attack. This book is precisely the guide that managers need. Enterprise Security allows the manager to analyze their infrastructure, spot potential weaknesses, and build a formidable defense. Written for professionals charged with defending enterprises, whether large or small, this book provides state-of-the-art guidelines and key advice for making sure that your organization's enterprise is well guarded.


Table of Contents

Preface.

I. THE FORGING OF A NEW ECONOMY.

1. What is E-Business?

The E-Business Sweepstakes.

Caesars of E-Business: An Embattled Business Culture.

The Lure of Overnight Successes.

Crossing the Digital Chasm.

The Sobering Reality.

Real-World Examples.

E-Business: The Shaping and Dynamics of a New Economy.

The E-Business Supply Chain.

Related E-Business Trends.

Summary.

2. What Is E-Security?

E-Security at Your Service.

Demands on Traditional IT Security: A Changing of the Guard.

Principles of E-Security.

Risk Management in the New Economy.

How E-Security Enables E-Business.

The E-Security Dilemma: Open Access versus Asset Protection.

3. The Malicious Opponents of E-Business.

The Lure of Hacking.

Hackers versus Crackers.

Hacker Groups.

Why Hackers Love to Target Microsoft.

Meeting the Hacker Threat.

National Infrastructure Protection Center.

Central Intelligence Agency.

Other White Hats.

II. PROTECTING INFORMATION ASSETS IN AN OPEN SOCIETY.

4. A New Theater of Battle.

From the Demilitarized Zone and the Perimeter to Guerilla Warfare.

The Triumph of Intranets, Extranets, and Virtual Private Networks.

The Vanishing World of Controlled, or Closed, Access.

The Impact of Open Access.

The Correlation between Open Access and Asset Protection.

The Role of Authentication and Privacy in the New Economy.

Summary.

5. Reempowering Information Technology in the New Arms Race.

The Failings of the Old Paradigm.

Infiltration of Rogue Applets.

Human Error and Omission.

Ongoing Change in the Enterprise Network.

Deploying and Maintaining Complex Layer Client/Server Software.

Shortage of Human Capital.

Rigidity of Enterprise Security Policy.

Tools for Rearming the IT Manager.

Guidelines for E-Security.

Enterprise Security Policy.

Summary.

III. WAGING WAR FOR CONTROL OF CYBERSPACE.

6. Attacks by Syntax: Hacker and Cracker Tools.

Inherent Shortcomings of TCP/IP.

Standard “Ports” of Call.

TCP/IP Implementation Weaknesses.

IP Spoofing.

Distributed Denial-of-Service Attacks and Tools.

Trin00.

Tribe Flood Network.

Tribe Flood Network 2000.

Stacheldraht.

ICMP Directed Broadcast, or Smurf Bandwidth Attack.

Backdoor Programs and Trojan Horses.

Backdoor Program Functions.

Examples of Backdoor Programs.

Summary.

7. Attacks by Automated Command Sequences.

Script Attacks.

The Next Generation of E-Mail Attacks.

The Bubble Boy Virus.

Mainstream JavaScript Attacks.

Attacks through Remote Procedure Call Services.

Brown Orifice.

Summary and Recommendations.

8. Countermeasures and Attack Prevention.

Surviving an Attack.

Formulate an Emergency Response Plan and an Incident Response Team.

Obtain Outside Assistance.

Contact Law Enforcement Authorities.

Use Intrusion Detection System Software.

Countering an Attack.

Disconnect Compromised Host/System from Your Network.

Copy an Image of the Compromised System(s).

Analyze the Intrusion.

Recognizing What the Intruder Leaves Behind.

9. Denial-of-Service Attacks.

Effects of DoS and DDoS Attacks.

General Computing Resources.

High-Performance Firewall.

Network Bandwidth.

Handling a SYN Flood DDoS Attack.

Countermeasures.

Precautions.

Handling a Bandwidth DDoS Attack.

Guarding against Being an Accomplice Network.

Guarding against Becoming an Intermediary Network.

Guarding against Being a Victim.

Handling a UDP Flood Bomb.

Using an IDS.

Recovering from a DDoS Attack.

10. Creating a Functional Model for E-Security.

Developing a Blueprint for E-Security.

Understanding Business Objectives.

Honing in on Your IT Security Policy.

Making Good on IT Security's Best Practices.

The IT Security Functional Model.

Deploying Effective E-Security Architecture: Hardening the Network's Infrastructure.

Hardening Your Router.

Hardening Your Operating Systems.

Summary.

11. Building a Security Architecture.

Firewall Architecture Deployment, Controls, and Administration.

Types of Firewalls.

Hardening Firewalls.

Remote-Access Architecture.

Encryption Options for Administrators.

Securing Remote-Administration Pipes for Administrators.

Remote-Access Architecture/Solutions for Users.

Vulnerability Assessment Architecture/Solutions.

Network-Based Assessment Architecture.

Host Vulnerability Assessment.

Intrusion Detection Architecture.

Network-Based IDS Architecture.

Host-Based IDS Solutions.

IV. ACTIVE DEFENSE MECHANISMS AND RISK MANAGEMENT.

12. Vulnerability Management.

Types of Vulnerabilities.

Managing IT Systems Vulnerabilities.

Conducting Vulnerability Analysis.

Network-Based Vulnerability Analysis.

Host-Based Vulnerability Analysis.

13. Risk Management.

The Role of Assessment in Risk Management.

The Process of Risk Management.

Defining the System Boundaries.

Threat Analysis.

Impact Analysis.

Risk Determination.

Summary.

Appendix A: SANs/fbi Top 20 Internet Security Vulnerabilities.
Appendix B: Sample CERT/Coordination Center Incident Response Form.
Appendix C: Windows 2000 Security/Hardening Plan.
Appendix D: Denial-of-Service Attacks.
Glossary.
Bibliography.
Index.

Preface

A Call to Arms

First came Melissa, then "Explore.Zip," and the Love Bug. Their names were provocative, fun, and cute. Then came Code Red, Nimda, and more recently, Reeezak. (That is no typo; it's triple "E.") Their names, in contrast, are sinister, apocalyptic, and foreboding. So what's in a name? In March 1999, Melissa marked the beginning of the world's reckoning with a new type of Internet virus: the computer worm. A computer worm is a special type of virus that is designed to copy itself from one computer to another by leveraging email, TCP/IP, and related applications. In contrast to normal computer viruses, which are occupied with spreading many copies of themselves on a single computer, computer worms are concerned with infecting as many machines as possible. By all accounts, computer worms are nasty critters that have wreaked considerable damage and wasted billions of dollars in computer worker hours. Between the Love Bug, Code Red, and Nimda, the Internet community lost over $11 billion in terms of productivity and wasted IT staff time for cleanup. The Love Bug led the pack, costing the global Internet community close to $8 billion and eventually infecting approximately 45 million email users in May of 2000. Code Red (July 2001) cost the Internet community $2.6 billion, and Nimda (September 2001) caused $531 million in damage and cleanup.

At this writing (January 2002), yet another computer worm is unleashing itself on the Internet community, with a somewhat ominous-sounding name: Reeezak. Reeezak, like other worms, appears in email inboxes with an innocent-sounding subject that simply says "Happy New Year." The message of the email also compares in tone, reading: "Hi...I can't describe my feelings, but all I can say is Happy New Year J Bye." It comes with an attachment called "Christmas.exe," which, when double-clicked, sends itself to all addresses listed in the user's address book while attempting to delete all the files in the Windows directory and anti-virus programs. The worm also disables some keys on the keyboard and propagates using Microsoft's compatible version of the IRC (Internet Relay Chat) program. Reeezak, like other worms, only affects users of Microsoft's Outlook or Outlook Express email clients.

If the proliferation of email worms is not insidious enough, the Internet community also experienced the effects of another class of attacks just a few months before the love-letter worm (February 2000). The now infamous and very shocking distributed denial of service attacks on several of the largest and most popular eBusiness sites, Amazon, Yahoo, eBay, and E-Trade, were not only brazen, making the headlines of many major metropolitan newspapers, but a wake-up call to the high-flying eCommerce world.

The cumulative effects of successfully orchestrated attacks are taking their toll on the Internet economy. At a minimum, users are frustrated and their confidence is shaken. Also, a "cloud" rains on the parade marching with fanfare toward eBusiness horizons. Attacks can be potentially devastating, especially from a financial standpoint. In the case of "E-Trade," livelihoods were affected on both sides of the virtual supply chain, the new business model that is enabling online businesses to reinvent themselves to capitalize on dynamic eBusiness marketplaces.

Stock traders that subscribe to the eCommerce service lost the ability to queue up their orders, beginning at 7 a.m. so that the trades could be triggered at the start of the opening bell at 9:30 a.m. In addition to being livid because legitimate orders were being denied by bogus activity flooding the site, the stock traders lost critical financial advantage for certain security tenders. The owners of the breached eBusiness sites were embarrassed, to say the least. They also inherited a potentially explosive problem that raises the question of security immediately and the viability of eCommerce as a long-term business enterprise. More importantly though, if customers lose confidence in the ability to conduct business safely and expediently at these sites, those customers will go elsewhere. Lost customers are unmistakably the death knell for Internet enterprises.

The discussion could go on and on with examples, but you get the message. Operating in the Internet economy is risky indeed. So what can be done about it? That is the purpose of this book. Enterprise Security: The Manager's Defense Guide is a comprehensive guide for handling risks and security threats to your internal network as you pursue eBusiness opportunities. Network security, which factors in open access to the enterprise's information assets, is eBusiness security. Open access allows online transactions to incorporate critical information for customers, suppliers, and partners no matter who they are or where they are. eBusiness security is an extension of the security provided by firewalls and virtual private networks (VPNs) integrated with risk management, vulnerability assessment, intrusion detection, content management, and attack prevention. In intranets and extranets and on servers in the demilitarized zone (DMZ), firewalls protect the information assets behind their walls. When information is in transit via the Internet, firewalls hand off protection of transactions to VPNs. But when information assets are residing behind the perimeter of firewalls, or are not in transit, how do you protect them?

That's the domain of eSecurity. eSecurity solutions factor in scanning technologies to actively police operating systems, applications, and network devices for vulnerabilities in the infrastructure needed to process, maintain, and store the enterprise's information assets. In other words, eSecurity solutions identify potential threats or security events, such as denial of service attacks and/or viruses. eSecurity also provides real-time scanning to detect in-progress port scans or intruders looking for an unsecured window or door to gain illegal access into your network. After detection, eSecurity solutions facilitate corrective or preventative action, without disruption to the network, before the attack can be launched. eSecurity also provides a framework for surviving an attack in progress.

This book also provides a detailed conceptual review of the most popular detection, assessment, hardening techniques, and real-time security systems that can be integrated to provide lifecycle security solutions. In summary, this book will discuss a systematic process of protecting network information assets by eliminating and managing security threats and risks while doing business in the free society of the Internet.

Why Enterprise Security: The Manager's Defense Guide

It goes without saying that networks are complex systems and that providing the optimum level of network security has been particularly challenging to the IT community since the first PCs were attached to network cabling decades ago. Today, providing network security could be potentially overwhelming. The prospect of a business going online is so compelling primarily because of the pervasiveness of the Internet and the promised payoff of exponential returns. The technologies of the Internet are also a significant drawing card to the business community. The ability to present your information assets in multimedia views is hard to forego. Suddenly it seems that 3-D graphical views, graphics, animation, video and audio functionality, and low cost communication are the preferred methods of building brand loyalty from consumers or preferred vendor status with customers. It also provides partners and suppliers a strategic advantage if they are connected directly to critical information assets required for competitiveness and meeting business objectives. The technologies of the Internet also make it easy to collaborate through email messaging and workflow processes and to transfer huge amounts of information cost effectively.

As easily as these technologies are embraced, they are also criticized because of their inherent security problems. TCP/IP, though a communications marvel, is inherently insecure. When the protocol was a design spec, the creators had no compelling reason to build in basic encryption schemes in the "free spirited" operating climate of the computing world when TCP/IP was conceived in 1967. Basic security could possibly have been built in at that time, setting the stage for other systems to be secure when spawned by the Internet decades later. Microsoft's tools and application systems such as Visual Basic, Outlook, Windows NT, and various office suites are forever being slammed by disappointed users for the company's apparent decisions to trade off security in order to be first to market. Even Microsoft's security protocol PPTP (Point-to-Point Tunneling Protocol) for dial-up VPN tunneling was fraught with security problems in the beginning.

Even Sun Microsystems' Java, a secure programming language for creating spectacular eBusiness applications, is not without its problems. And depending on security policy, many enterprises turn applets off in user browsers to prevent malicious code that may be attached to the applets from finding its way into systems when initially downloaded. Therefore, because of the inherent insecurities of web-enabled technologies, the complexity of the functional aspects of networks, multiple operational layers, and, more importantly, the skill of hackers, eSecurity must be inherently comprehensive.

Consequently, this book reveals how security must be implemented and administered on multiple levels for effective network security. It systematically reviews the processes required to secure your system platform, applications, operating environment, processes, and communication links. Effective eSecurity must also address the application development tools used to develop your information assets consisting of applications, programs, data, remote procedures, and object calls that are integrated to present your intellectual capital through the dynamic multimedia world (virtual supply chain) of the global Internet economy.

About This Book

The subject matter of this book is provided in five parts. A description of each part follows.

Part I, "The Forging of a New Economy" provides a discussion of the hyper growth opportunity the world refers to as eBusiness. This section makes the case for eSecurity and why it's a closely connected enabler of eBusiness, the new economy. Part I also takes you into the flip side of the eBusiness world, or the world of the hacker, which is surprisingly well organized. The reader is introduced to the seriousness of the hacker problem along with a review of how hackers may single handedly jeopardize the future of eBusiness as a viable industry. In order for eBusiness to achieve its expected super growth projections over the next several years, an arms race will ensue with no definite end in sight.

Part II, "Cyberwar I: Protecting Information Assets in an Open Society," is intended to discuss the triumphs of firewalls, controlled network access, and VPNs. However, Part II also discusses the glaring shortcomings of these security systems as perimeter and in-transit defenses and points to the need for more effective solutions. In addition, this section enumerates and discusses the specific security problems that arise if IT managers rely on perimeter defenses and controlled access alone to protect their enterprise networks. Part II also introduces an overview of complementary methodologies such as intrusion detection, vulnerability assessment, and content management. When used together with perimeter defenses, these methodologies will provide Web-based enterprise networks with total security, or as much as is practical in the world today. After completing Part II, you should gain a greater appreciation of a system of security measures which, when put in place, will effectively thwart hackers, including the malicious ones called crackers.

Part III, "Cyberwar II: Control for Cyberspace" covers a major portion of the book. In this part, the reader is exposed to how hackers and crackers wage war in cyberspace against hopeful denizens of the new economy. Their specific weapons (software tools) are covered including the distributed denial of service (DDoS) tools that brought down E-Trade and effectively disrupted service in Amazon.com and eBay. This part also presents eSecurity solutions, which IT managers can deploy for effectively handling the clandestine or guerilla warfare-like tactics of the wily hacker. When this section is finished, the reader should possess a practical knowledge of eSecurity solutions designed for protecting enterprise networks in the new economy.

Part IV, "Active defense mechanisms and risk management" concludes the book. This part discusses specific processes involved in implementing and using tools and methodologies that provide security for network infrastructures and related applications for eBusiness. The eSecurity components of vulnerability and risk management, along with vulnerability assessment and risk assessment and their interrelationships, are covered in full and carefully positioned as a total solution for deploying security effectively. An extensive set of guidelines is provided such that both the information technology and non-technical professional can follow. Following these guidelines to implement the total eSecurity solution will result in fully protecting the enterprise's network against hacker incursions.

A series of Appendixes is also included to provide important details of subject matter for facilitating the overall eSecurity process.

This book incorporates the necessary tables and illustrations to facilitate exposition of the subject matter.

How This Book is Organized

Enterprise Security is a comprehensive description of the effective process of eSecurity, the human threat, and what to do about it. In intranets and extranets, information assets are defended on the perimeter of the enterprise network by firewalls. When information traverses the Internet, it is protected by VPNs and by Secure Sockets Layer (SSL) encryption provided by browsers. But when information is either residing behind the perimeter, perhaps dormant, or not in transit, how is it protected? This is where eSecurity comes in.

Book Organization

I. Part 1: The Forging of a New Economy
A. Chapter 1: What is eBusiness?
B. Chapter 2: What is eSecurity?
C. Chapter 3: The malicious opponents of eBusiness: Marauders or just Cyberpunks?
II. Part 2: Cyberwar I: Protecting Information Assets in an Open Society
A. Chapter 4: A new theatre of battle
B. Chapter 5: Re-empowering IT in the new arms race
III. Part 3: Cyberwar II: Control for Cyberspace
A. Chapter 6: Hacker and cracker tools: conducting a campaign of war
B. Chapter 7: Other attack classes and exploited vulnerabilities
C. Chapter 8: Countermeasures and attack prevention
D. Chapter 9: Coping with Denial of Service (DoS) Attacks
E. Chapter 10: Architecture, countermeasures and strategies for the "White Hats, Part I"
F. Chapter 11: Architecture, countermeasures and strategies for the "White Hats, Part II"
IV. Part 4: The Secure eBusiness Process
A. Chapter 12: Vulnerability management
B. Chapter 13: Risk management
V. Appendixes
A. Appendix A: Sans Institute Top Twenty Vulnerabilities
B. Appendix B: Sample CERT/CC Incident Response form
C. Appendix C: Hardening the Windows 2000 Operating System
D. Appendix D: Denial of Service attacks: in depth descriptions
VI. Glossary

Intended Audience and How to Use This Book

Enterprise Security is intended for small, medium, and multinational corporations; federal, state, and local governments; and associations and institutions that are intrigued with the potential of the Internet for business opportunity and providing services. There are a variety of reasons organizations are so interested in conducting commerce over the Internet: competitiveness is one, and improvement of services is another. But the ultimate motivation for this momentum appears to be the monetary rewards associated with effectively harnessing online supply chains for the world's Internet community. In response to such ambitions, organizations are wrestling with the challenge of connecting business partners, customers, suppliers, remote field locations, branch offices, mobile employees, and consumers directly online to the enterprise network. They are also wrestling with the risks of allowing open access to information assets. The eBusiness community requires comprehensive but easy-to-manage security solutions to handle security risks to the enterprise network. If these problems aren't effectively addressed, the outcome could be potentially devastating to the long-term viability of eCommerce.

This book provides a detailed review of eSecurity, a process of protecting online information assets in the virtual supply chain provided by enterprises over the Internet. ESecurity incorporates the state-of-the-art in IT-based security products, methodologies and procedures for delivering rapid return on investment (ROI), uninterrupted network availability, proactive strategies, barriers to malicious intent and confidence in the overall integrity of the eBusiness products and services. The following readers would benefit most from this book.

  • Chief Information Officers (CIOs) - Have decision-making authority and responsibility for the overall information technology infrastructure and policy for the entire enterprise. Providing secure communications and protecting information assets without disruption to the business process are examples of typical challenges faced by CIOs. If an organization is involved in an eBusiness venture, in theory, executive IT management already understands the importance of enterprise network security. Chapter 4, "A New Theatre of Battle," should be of particular interest if only firewalls and/or VPNs are in use to protect the network. This chapter discusses the shortcomings of perimeter defenses and points to the need for stronger security measures. Chapter 5, "Re-empowering IT in the New Arms Race," reviews specific security breaches and gives an overview of eSecurity's functional framework. Chapter 8, "Countermeasures and Attack Prevention," and Chapters 10 and 11, "Architecture, Countermeasures, and Strategies for the 'White Hats,'" Parts I and II, expand upon the eSecurity framework presented in Chapter 5 by providing an overview of the functional components of eSecurity. As a CIO, you should also find Chapter 12, "Vulnerability Management," and Chapter 13, "Risk Management," equally important.
  • Other Executives/Department Managers - Amongst other responsibilities, you may be charged with providing and maintaining the information assets that drive the virtual supply chain of the eBusiness apparatus. Therefore, Chapter 1, "What is eBusiness?," Chapter 2, "What is eSecurity?," and Chapter 3, "The Malicious Opponents of eBusiness: Marauders or just Cyberpunks," will be of particular interest to you. Chapter 1 reiterates the exciting business potential of eCommerce. Chapter 3 discusses the potential barriers that hackers pose to the posterity of eBusiness. Chapter 3 is also a chilling reminder that if networks aren't secure, eBusiness will never reach its full potential. Chapters 12 and 13 are also a must read for executive managers.
  • MIS/IT Managers, Web Masters and Security Professionals - This is the main reader audience for this book. Typically you have direct or managing responsibility for network security. You may also have the unenviable task of translating the business requirements into network security solutions, evaluating the impact of the new solution on the infrastructure and implementing and managing the security expansion and process. If this is the case, you will find the entire book beneficial.
  • System Analysts/Project Managers - If this reader group best defines your occupation, your interest in this book should coincide with the interests of the previous group. You should find Chapters 8 through 11 especially interesting.


020171972XP04152002

Index

Click below to download the Index file related to this title:
Index

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as their postal address or email address), we provide a way to correct or update the personal data that user has provided to us. This can be done on the Account page. If a user no longer desires our service and wishes to delete their account, please contact us at customer-service@informit.com and we will process the deletion of the user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s), simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor).
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law.
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law.
  • In connection with the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice.
  • To investigate or address actual or suspected fraud or other illegal activities.
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract.
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice.
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020